CLAIMS

What is Claimed is: 

1. A method of operating a computer system, said method comprising:

providing a first version of a program in memory, said first version of a program including at least one program unit, each program unit comprising an Application Programming Interface (API) definition file and an implementation, each API definition file defining items in its associated program unit that are made accessible to one or more other program units, each implementation including executable code corresponding to said API definition file, said executable code including type specific instructions and data; and

performing a first verification including verifying said program prior to execution of said program, said first verification including

indicating a verification error when a first version of a first program unit implementation is not internally consistent;

indicating a verification error when said first version of said first program unit implementation is inconsistent with a first version of said first program unit API definition file associated with said first version of said first program unit implementation;

receiving a second version of said first program unit implementation and a second version of said first program unit API definition file, said second version being a revised version of said first version;

performing a second verification including verifying said second version of said first program unit implementation, including

indicating a verification error when said second version of said first program unit implementation is not internally consistent; and

indicating a verification error when said second version of said first program unit implementation is inconsistent with said second version of said first program unit API definition file; and

performing a third verification including verifying said second version of said first program unit implementation is binary compatible with said first version of said first program unit implementation by comparing said first version of said first program unit API definition file and said second version of said first program unit API definition file.



2. The method of claim 1, further comprising:

indicating a verification error when a second program unit implementation that references said first program unit is inconsistent with said first version of said first program unit API definition file; and

indicating said second program unit implementation is verified with said second version of said first program unit API definition file when said second version of said first program unit binary is compatible with said first version of said first program unit implementation.

3. The method of claim 2, further comprising:

indicating said second program unit implementation is verified with said second version of said first program unit implementation when said second program unit implementation is verified with said second version of said first program unit API definition file.



4. The method of claim 1 wherein said first version of said first program unit API definition file is binary compatible with said second version of said first program unit API definition file when said second version of said first program unit API definition file includes a superset of each element in said first version of said first program unit API definition file.

5. The method of claim 1 wherein

said first program unit references items in at least one other program unit; and

said second verification includes indicating a verification error when said second version of said first program unit implementation is inconsistent with API definition files of each referenced program unit.



6. A program storage device readable by a machine, embodying a program of instructions executable by the machine to perform program verification, comprising:

providing a first version of a program in memory, said first version of a program including at least one program unit, each program unit comprising an Application Programming Interface (API) definition file and an implementation, each API definition file defining items in its associated program unit that are made accessible to one or more other program units, each implementation including executable code corresponding to said API definition file, said executable code including type specific instructions and data; and

performing a first verification including verifying said program prior to execution of said program, said first verification including

indicating a verification error when a first version of a first program unit implementation is not internally consistent;

indicating a verification error when said first version of said first program unit implementation is inconsistent with a first version of said first program unit API definition file associated with said first version of said first program unit implementation;

receiving a second version of said first program unit implementation and a second version of said first program unit API definition file, said second version being a revised version of said first version;

performing a second verification including verifying said second version of said first program unit implementation, including

indicating a verification error when said second version of said first program unit implementation is not internally consistent; and

indicating a verification error when said second version of said first program unit implementation is inconsistent with said second version of said first program unit API definition file; and

performing a third verification including verifying said second version of said first program unit implementation is binary compatible with said first version of said first program unit implementation by comparing said first version of said first program unit API definition file and said second version of said first program unit API definition file.



7. The program storage device of claim 1, further comprising:

indicating a verification error when a second program unit implementation that references said first program unit is inconsistent with said first version of said first program unit API definition file; and

indicating said second program unit implementation is verified with said second version of said first program unit API definition file when said second version of said first program unit binary is compatible with said first version of said first program unit implementation.



8. The program storage device of claim 2, further comprising:

indicating said second program unit implementation is verified with said second version of said first program unit implementation when said second program unit implementation is verified with said second version of said first program unit API definition file.



9. The program storage device of claim 1 wherein said first version of said first program unit API definition file is binary compatible with said second version of said first program unit API definition file when said second version of said first program unit API definition file includes a superset of each element in said first version of said first program unit API definition file.

10. The program storage device of claim 1 wherein

said first program unit references items in at least one other program unit; and

said second verification includes indicating a verification error when said second version of said first program unit implementation is inconsistent with API definition files of each referenced program unit.

11. A system for executing a software application, the system comprising:

a computing system that generates executable code, comprising means for providing a first version of a program in memory, said first version of a program including at least one program unit, each program unit comprising an Application Programming Interface (API) definition file and an implementation, each API definition file defining items in its associated program unit that are made accessible to one or more other program units, each implementation including executable code corresponding to said API definition file, said executable code including type specific instructions and data; and

means for performing a first verification including verifying said program prior to execution of said program, said first verification including

means for indicating a verification error when a first version of a first program unit implementation is not internally consistent;

means for indicating a verification error when said first version of said first program unit implementation is inconsistent with a first version of said first program unit API definition file associated with said first version of said first program unit implementation;

means for receiving a second version of said first program unit implementation and a second version of said first program unit API definition file, said second version being a revised version of said first version;

means for performing a second verification including verifying said second version of said first program unit implementation, including

means for indicating a verification error when said second version of said first program unit implementation is not internally consistent; and

means for indicating a verification error when said second version of said first program unit implementation is inconsistent with said second version of said first program unit API definition file; and

means for performing a third verification including verifying said second version of said first program unit implementation is binary compatible with said first version of said first program unit implementation by comparing said first version of said first program unit API definition file and said second version of said first program unit API definition file.

12. The system of claim 11, further comprising:

means for indicating a verification error when a second program unit implementation that references said first program unit is inconsistent with said first version of said first program unit API definition file; and

means for indicating said second program unit implementation is verified with said second version of said first program unit API definition file when said second version of said first program unit binary is compatible with said first version of said first program unit implementation.



13. The system of claim 12, further comprising:

means for indicating said second program unit implementation is verified with said second version of said first program unit implementation when said second program unit implementation is verified with said second version of said first program unit API definition file.



14. The system of claim 11 wherein said first version of said first program unit API definition file is binary compatible with said second version of said first program unit API definition file when said second version of said first program unit API definition file includes a superset of each element in said first version of said first program unit API definition file.

15. The system of claim 11 wherein

said first program unit references items in at least one other program unit; and

said second verification includes means for indicating a verification error when said second version of said first program unit implementation is inconsistent with API definition files of each referenced program unit.



16. A resource-constrained device, comprising:

memory for providing a remotely verified application software program comprising at least one program unit, each program unit comprising type specific instructions and data, said remote verification utilizing an Application Programming Interface (API) definition file for each said implementation, each said API definition file defining items in its associated program unit that are made accessible to one or more other program units, said remote verification including verifying a second version of a first program unit implementation is binary compatible with a first version of said first program unit implementation by comparing said first version of said first program unit API definition file and said second version of said first program unit API definition file; and

a virtual machine that is capable of executing instructions included within said application software program.

17. The resource-constrained device of claim 16 wherein said resource-constrained device comprises a smart card.



18. The resource-constrained device of claim 17 wherein said virtual machine is Java Card™-compliant.
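
Added example, not part of the patent text: a Python model of the second and third verifications recited in claims 1 to 5, using the superset rule of claim 4 as the binary compatibility test and the claim 2 and 3 consequence for a client unit. The Unit model, the (name, signature) item encoding and the sample units are assumptions made for illustration; the internal-consistency check of an implementation is not modelled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Unit:
    """Constructed model of a program unit; items are (name, signature) pairs."""
    name: str
    api: frozenset                 # items the API definition file exports
    impl: frozenset                # items the implementation defines
    refs: frozenset = frozenset()  # (unit name, item) pairs this unit references

def verify_unit(unit, apis):
    """Check an implementation against its own API definition file and
    against the API definition files of the units it references."""
    errors = [f"{unit.name}: exported {n}{s} missing from implementation"
              for n, s in sorted(unit.api - unit.impl)]
    for dep, item in sorted(unit.refs):
        if item not in apis.get(dep, frozenset()):
            errors.append(f"{unit.name}: {dep} does not export {item[0]}{item[1]}")
    return errors

def binary_compatible(old_api, new_api):
    """Superset rule: every element of the old API is still in the new one."""
    return old_api <= new_api

def accept_revision(old, new, apis):
    """Second and third verifications on a revised unit; [] means accepted.
    apis maps unit name -> API definition file of each referenced unit."""
    errors = verify_unit(new, apis)
    if not binary_compatible(old.api, new.api):
        errors += [f"{new.name}: revision drops {n}{s}"
                   for n, s in sorted(old.api - new.api)]
    return errors

def client_still_verified(client, old, new):
    """A client verified against the old API needs no re-verification when
    the revision itself verifies and is binary compatible with the old one."""
    verified_v1 = not verify_unit(client, {old.name: old.api})
    return verified_v1 and not accept_revision(old, new, {})

# Constructed sample data: one library unit, two revisions, one client unit.
DEBIT, CREDIT, AUDIT = ("debit", "(S)V"), ("credit", "(S)V"), ("audit", "()V")
LIB_V1 = Unit("wallet", frozenset({DEBIT, CREDIT}), frozenset({DEBIT, CREDIT}))
LIB_V2 = Unit("wallet", frozenset({DEBIT, CREDIT, AUDIT}),
              frozenset({DEBIT, CREDIT, AUDIT}))
LIB_BAD = Unit("wallet", frozenset({DEBIT, AUDIT}), frozenset({DEBIT, AUDIT}))
CLIENT = Unit("purse", frozenset(), frozenset(), frozenset({("wallet", CREDIT)}))
```

LIB_BAD is internally matched to its own API definition file yet removes an item the client references, which is the case only the comparison of the two API definition files catches.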